CVE-2008-4306 - OpenCVE

Buffer overflow in enscript before 1.6.4 has unknown impact and attack vectors, possibly related to the font escape sequence.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Ubuntu	Linux

Configuration 1 [-]

OR	cpe:2.3:o:ubuntu:linux:6.06:lts::::::
	cpe:2.3:o:ubuntu:linux:7.10:::::::*
	cpe:2.3:o:ubuntu:linux:8.04:lts::::::
	cpe:2.3:o:ubuntu:linux:8.10:::::::*

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html
http://osvdb.org/49569
http://rhn.redhat.com/errata/RHSA-2008-1021.html
http://secunia.com/advisories/32521
http://secunia.com/advisories/32530	Vendor Advisory
http://secunia.com/advisories/32753
http://secunia.com/advisories/32854
http://secunia.com/advisories/32970
http://secunia.com/advisories/33109
http://security.gentoo.org/glsa/glsa-200812-02.xml
http://support.avaya.com/elmodocs2/security/ASA-2008-504.htm
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0321
http://www.debian.org/security/2008/dsa-1670
http://www.mandriva.com/security/advisories?name=MDVSA-2008:243
http://www.redhat.com/support/errata/RHSA-2008-1016.html
http://www.securityfocus.com/archive/1/498385/100/0/threaded
http://www.ubuntu.com/usn/usn-660-1
https://issues.rpath.com/browse/RPL-2887
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10718
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00014.html
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00040.html

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2008-11-04T20:00:00

Updated: 2018-10-11T19:57:01

Reserved: 2008-09-29T00:00:00

Link: CVE-2008-4306

JSON object: View

NVD Information

Status : Modified

Published: 2008-11-04T21:00:01.767

Modified: 2018-10-11T20:51:22.787

Link: CVE-2008-4306

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-11-03T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in enscript before 1.6.4 has unknown impact and attack vectors, possibly related to the font escape sequence."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-11T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "oval:org.mitre.oval:def:10718", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10718"}, {"name": "32521", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32521"}, {"name": "49569", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/49569"}, {"name": "SUSE-SR:2008:024", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html"}, {"name": "FEDORA-2008-9372", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00040.html"}, {"name": "FEDORA-2008-9351", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00014.html"}, {"name": "RHSA-2008:1016", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-1016.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-504.htm"}, {"name": "USN-660-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-660-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0321"}, {"name": "GLSA-200812-02", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200812-02.xml"}, {"name": "20081117 rPSA-2008-0321-1 enscript", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/498385/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://issues.rpath.com/browse/RPL-2887"}, {"name": "32854", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32854"}, {"name": "MDVSA-2008:243", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:243"}, {"name": "32970", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32970"}, {"name": "32530", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32530"}, {"name": "DSA-1670", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2008/dsa-1670"}, {"name": "32753", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32753"}, {"name": "33109", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/33109"}, {"name": "RHSA-2008:1021", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2008-1021.html"}]}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2008-4306", "datePublished": "2008-11-04T20:00:00", "dateReserved": "2008-09-29T00:00:00", "dateUpdated": "2018-10-11T19:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ubuntu:linux:6.06:lts:*:*:*:*:*:*", "matchCriteriaId": "B25664CA-ACA3-4BFD-AE57-5799AF833CB8", "vulnerable": true}, {"criteria": "cpe:2.3:o:ubuntu:linux:7.10:*:*:*:*:*:*:*", "matchCriteriaId": "8FD4456F-5506-486F-B459-1287B8F327BB", "vulnerable": true}, {"criteria": "cpe:2.3:o:ubuntu:linux:8.04:lts:*:*:*:*:*:*", "matchCriteriaId": "0816971B-91BE-4D9E-BE54-299C89FF4D38", "vulnerable": true}, {"criteria": "cpe:2.3:o:ubuntu:linux:8.10:*:*:*:*:*:*:*", "matchCriteriaId": "A997A76A-22F0-4A67-9D66-97911B8BDDD9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in enscript before 1.6.4 has unknown impact and attack vectors, possibly related to the font escape sequence."}, {"lang": "es", "value": "Vulnerabilidad inespec\u00edfica en enscript antes de la v1.6.4 en Ubuntu Linux v6.06 LTS, v7.10, v8.04 y v8.10 que tiene un impacto y unos vectores de ataque desconocidos, posiblemente este relacionado con el desbordamiento de b\u00fafer."}], "id": "CVE-2008-4306", "lastModified": "2018-10-11T20:51:22.787", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2008-11-04T21:00:01.767", "references": [{"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html"}, {"source": "secalert@redhat.com", "url": "http://osvdb.org/49569"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2008-1021.html"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/32521"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/32530"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/32753"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/32854"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/32970"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/33109"}, {"source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-200812-02.xml"}, {"source": "secalert@redhat.com", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-504.htm"}, {"source": "secalert@redhat.com", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0321"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2008/dsa-1670"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:243"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2008-1016.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/498385/100/0/threaded"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/usn-660-1"}, {"source": "secalert@redhat.com", "url": "https://issues.rpath.com/browse/RPL-2887"}, {"source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10718"}, {"source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00014.html"}, {"source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00040.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}